Ricoh Aficio MP C2800 Security Target - Page 30



Page 30 of 80
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
A.NETWORK
(Assumptions for network connections)
As specified by A.NETWORK, when the network that the TOE is connected to (the internal network) is
connected to an external network such as the Internet, the internal network shall be protected from
unauthorised communications originating from the external network.
As specified by OE.NETWORK, if the internal network, to which the TOE is connected, is connected to an
external network such as the Internet, the organisation managing operation of the internal network shall close
any unnecessary ports between the external and internal networks. Therefore, A.NETWORK is upheld.
T.ILLEGAL_USE
(Malicious usage of the TOE)
To counter this threat, the TOE performs identification and authentication of users with O.I&A prior to their
use of the TOE Security Functions, and allows the successfully authenticated user to use the functions for
which the user has the operation permission. In addition, the TOE records the performance of O.I&A as audit
logs by O.AUDIT, and provides only the machine administrator with the function to read the audit logs, so
that the machine administrator can detect afterwards whether or not there was a security intrusion involving O.I&A.
Therefore, the TOE can counter T.ILLEGAL_USE.
T.UNAUTH_ACCESS
(Access violation of protected assets stored in the TOE)
To counter this threat, the TOE allows the authorised users identified by O.I&A to access document data
according to the operation permission on document data that are assigned to the authorised users' roles and
the authorised users by O.DOC_ACC. For example, if the authorised user is the general user, the TOE allows
the general user to perform operations on document data according to the operation permissions. If the
authorised user is a file administrator, the TOE allows the file administrator to delete the document data
stored in the D-BOX.
Therefore, the TOE can counter T.UNAUTH_ACCESS.
T.ABUSE_SEC_MNG
(Abuse of Security Management Functions)
To counter this threat, the TOE allows only users who have successfully authenticated with O.I&A to use the
TOE Security Functions. The TOE also restricts management of the Security Functions, and control of TSF data
and security attributes, to specified users only by O.MANAGE. In addition, O.I&A and O.MANAGE
events are recorded in audit logs by O.AUDIT, and the function for reading audit logs is available to the
machine administrator only, so that the machine administrator can later identify whether or not security
intrusion events involving O.I&A and O.MANAGE occurred.
Therefore, the TOE can counter T.ABUSE_SEC_MNG.
T.SALVAGE
(Salvaging memory)
To counter this threat, the TOE converts the format of document data by O.MEM.PROTECT, making the
document data difficult to read and decode if the HDD is installed in a device other than the TOE. In addition,
the performance of O.MEM.PROTECT is recorded in audit logs by O.AUDIT, and the function for reading
audit logs is available to the machine administrator only, so that the machine administrator can later identify
whether or not O.MEM.PROTECT was performed successfully.
Therefore, the TOE can counter T.SALVAGE.